REMARKS/ARGUMENTS

Status of the Claims 

Claims 1-12, 14-27, 29-34 and 36-46 are currently pending in the application. 
Claims 1, 22, and 33 have been amended. No new matter has been added by the amendments. 
No claims have been added. No claims have been cancelled. Therefore, claims 1-12, 14-27,
29-34 and 36-46 are present for examination. Claims 1, 22, and 33 are independent claims.

Recommended Amendments to the Claims 

Claims 1, 22, and 33 have generally been amended to recite that operations are 
performed by "an identity system" as requested by the Examiner in the Office Action, as well as 
in a teleconference with the Examiner on June 3, 2008. Applicants respectfully request that the 
amendments be entered in order to expedite issuance of this case.

Rejections under 35 U.S.C. § 102 

The Office Action has rejected claims 1-2 and 4-39 under 35 U.S.C. § 102(a) and 
(e) as being anticipated by U.S. Patent No. 6,067,548 issued to Cheng ("Cheng"). Applicants 
respectfully submit that Cheng fails to anticipate the present claims. 

Claim 1, in part, recites: 

the access management system accessing a template that 
indicates one or more parameters for defining one or more 
workflows for managing identity profiles, wherein said one or more 
parameters comprise one or more parameters that define an 
operation to be performed on identity profiles as part of said one or 
more workflows 

The Office Action relies on Cheng at col. 11, line 59 - col. 12, line 26 which
discloses:

Multiple servers like 156 can be used in the architecture of 
the present invention. Each server 156 attends clients within a 
domain. The servers like 156 exchange information with one 
another through the regular APIs. A domain corresponds to a 
physical implementation of a data store like 160. Multiple 
organizations can reside in a domain, but an organization does not 
span across domains. A domain has a globally unique identifier,
while organization names are unique only within a domain. 

However, the relatively unique name of an organization, 
combined with the unique domain name, must be a universally 
unique identifier (UUID). For example, domain london and 
domain Seattle may both contain an organization named employee. 
The corresponding unique organization names will be: 
employee.london, employee.seattle. 

Similarly, although a member name is only unique within 
an organization, by concatenating the member name with the 
UUID of the organization, a UUID for the member is obtained as 
well. For example, the member names
john_smith.employee.london john_smith.employee.seattle are
globally unique. 

For a user to be able to access the global organizational 
information, updates to domains and organization definitions ought 
to be propagated to all servers on a regular basis (such as once 
every hour). It is not necessary to escalate updates of members, 
virtual links, or attributes outside of a domain, for the organization 
UUID will indicate if the underlying information is managed by 
another server. Based on this UUID, the local server may retrieve 
data from the remote server. 

Examining the first portion of claim 1 which recites an "access management
system accessing a template", Applicants are unable to find any teaching or suggestion in the 
cited portions of Cheng which disclose such a feature. Cheng discloses multiple servers that 
attend to multiple clients and facilitate the exchange of information; however, the multiple 
servers are not access management systems nor is there any disclosure of any of the servers 
accessing templates, or the like. Specifically, the Applicants' Specification at page 8, lines 9 and 
10 describes an access management system as a system which "provides identity management 
services and/or access management services for a network", whereas, as is well known in the art, 
a server is simply a computer system which sends and/or receives data requests. 

Further, upon examination of the portion of claim 1 which recites "a template that
indicates one or more parameters for defining one or more workflows for managing identity
profiles", Applicants conclude that they are unable to find any teaching or suggestion in the cited
portions of Cheng of such a feature. Instead, Cheng discloses utilizing a domain name as a
unique identifier, which uniquely identifies the name of an organization which when combined
generates a universally unique identifier (UUID). Applicants believe that the Examiner mistakes
an identity profile as a unique identifier. The Applicants' Specification at page 10, line 29 - page
11, line 2 describes an identity profile as "a set of information associated with a particular entity
(e.g. user, group, organization, etc.). The data elements of the identity profile are called
attributes, which are discussed in more detail below. An attribute may include a name, value and
access criteria." Clearly, Cheng's UUID is not the same as claim 1's identity profile.
Additionally, Applicants submit that nowhere does Cheng teach or suggest the use of parameters
defining workflows, as recited by claim 1.

Claim 1 further recites, in part, that the "one or more parameters comprise one or 
more parameters that define an operation to be performed on identity profiles as part of said one 
or more workflows." Cheng fails to teach or suggest the use of parameters which define 
operations to be performed on identity profiles. Instead, Cheng discloses that in order for a user 
to be able to access global organizational information, updates to domains and organization 
definitions ought to be propagated to all servers on a regular basis (see Cheng at col. 12, ll.
18-20). Where Cheng is directed to providing domain and organizational definitions to allow a
user to access global information, claim 1, in contrast, is concerned with performing operations
on identity profiles. Hence, Cheng fails to teach or suggest such claim limitations as in claim 1.

Claim 1, in part, further recites: 

the identity system creating a definition of a first workflow 
for managing an identity profile for at least one user, based on said 
template, wherein said identity profile is used by said access 
management system to control access by said at least one user to 
said resources across one or more web servers, wherein the first 
workflow is configured to automate the process of managing the 
identity profile by executing the operation defined by one or more 
workflow parameters 

The Office Action relies on Cheng at col. 11, lines 4-52 which, in part, discloses: 

The database schema of the present invention provides for 
the integration of multiple databases through a mapping process 
and an inventive database schema. For each database to be
integrated, like HR database 152 for example, an organization 52 is 
defined (as illustrated in FIG. 3). For each field in the HR database 
152, a corresponding member 54 having an attribute 60 and/or 
method 62 is defined in the organization 52. 

[E]xisting databases like 152, having any number of fields
defined, becomes a list of organizations like 52. Each organization 
having a well-defined database schema using database objects 
comprising a group of fields, i.e. member_id, attribute_id,
attribute_value, etc. Any application can then be
advantageously integrated with the present invention regardless of 
the format of the preexisting databases by using the structure 
provided by the inventive database schema, namely, the group of 
fields. 

In contrast, the recited element of claim 1 teaches that the access management 
system is to control access to resources across multiple web servers and to automate the identity 
management process of the identity profiles using workflows. As can be ascertained from the 
quoted portions of Cheng, Cheng merely discloses a database schema which integrates multiple 
databases where the data is mapped across those databases. Applicants respectfully submit that 
mapping data across multiple databases is not controlling access across multiple web servers. 
First, a web server is not a database, and second, mapping data is not controlling access.
Furthermore, there is no disclosure in Cheng of automation of such processes. Accordingly, 
Applicants submit that Cheng also fails to anticipate this cited portion of claim 1. 

Claim 1, in part, further recites: 

the identity system storing said definition of said first 
workflow at a mass storage device. 

The Office Action relies on Cheng at col. 7, lines 55-67 which discloses: 

The different vertical and horizontal partitions of the 
enterprise correspond naturally to database tables. It is typical to 
use some tables within a database environment to capture the 
information of an organizational partition. The present invention 
methodology does not dictate the underlying data model, although 
the preferred implementation uses either an object-oriented 
database or a RDBMS. When a relational database implementation
is chosen, users define the attributes 60 of the members 54 as 
columns in a relational table. In an object-oriented database 
environment, the attributes 60 of the members 54 map directly to a 
class definition. This constitutes a class of members for each 
organization 52. 

Applicants are unable to find any teaching or suggestion of storing definitions, 
workflows, or even a mass storage device in the cited portions of Cheng. Accordingly, 
Applicants submit that Cheng fails to teach or suggest the recited limitation from claim 1. 
Furthermore, claims 22 and 33 include similar limitations as claim 1. As such, Applicants
submit that Cheng also fails to teach or suggest the limitations in claims 22 and 33 for at least the 
same reasons as claim 1. Accordingly, Applicants respectfully request that the rejection of 
claims 1, 22, and 33 be withdrawn. 

Furthermore, dependent claims 2-12, 14-21, 23-27, 29-32, 34 and 36-46 depend 
from one of independent claims 1, 22, or 33, and thus by the virtue of their dependence on an 
allowable base claim, Applicants submit that claims 2-12, 14-21, 23-27, 29-32, 34 and 36-46 are 
also allowable. 

Rejections under 35 U.S.C. § 103

The Office Action has rejected claim 40 under 35 U.S.C. § 103(a) as being 
unpatentable over Cheng. The Office Action has rejected claims 3 and 41-46 under 35 U.S.C. 
§ 103(a) as being unpatentable over Cheng, in view of U.S. Patent No. 7,080,078 issued to 
Slaughter et al. ("Slaughter"). 

Dependent claims 3 and 40-46 depend from claims 1 and 33. As noted above 
claims 1 and 33 are allowable over Cheng, and it is believed that Slaughter does not remedy the 
failings of Cheng noted above. Hence, claims 3 and 40-46 are believed to be allowable, at least 
by virtue of their dependence from allowable base claims over Cheng and Slaughter, individually,
or when combined in any combination. 
CONCLUSION

In view of the foregoing, Applicants believe all claims now pending in this
Application are in condition for allowance and an action to that end is respectfully requested.

If the Examiner believes a telephone conference would expedite prosecution of 
this application, please telephone the undersigned at 303-571-4000.

Respectfully submitted,



Charles W. Gray 
Reg. No. 61,345 